New virus

We're seeing right now probably the fastest propagating mass mailing virus ever... Called "Goner", it comes with a file called gone.scr. Most AV vendors haven't updated their signatures yet (we stopped it with our heuristic scanner, which I hope to talk about at TPC in 2002), so it's just flooding through most people's systems. We've seen over 10,000 so far today, which is just phenomenal considering it kicked off at about 3pm (it's now 5:20pm).

Of course it's *great* for business. I'm sure The Register and other sites all over the web will be quoting us for the next few days. It's kinda cool working for a much talked about company:-)


Have you heard about Warhol worms [berkeley.edu]? A craftily written piece of malware could wreak some serious havoc in about 15 minutes. 2 hours? That's a blessing; you have enough time to notice the attack and formulate a response. (presuming you have some good heuristics in your mail filters.:-)

Yes, we heard of warhol worms. It's all good business for us though, because if one of those breaks out, we'll still stop it heuristically (we offer a 100% anti-virus guarantee, with good reason).

I think many sysadmins out there will think differently about 2 hours being a blessing:-) Remember it's not 2 hours to propagate, it's 2 hours to reach critical mass, which means that it's already infected enough computers to reach critical mass. Oh, and this one deletes antivirus software too, which is kinda fu

Fortunately, the details were also on Symantec [symantec.com]. My manager opened it up (fortunately, he has Eudora so it didn't propagate) and I spent the next hour re-installing Norton (he had an old version that doesn't have e-mail protection) and taking out the virus.

You have to call our salespeople to get info on the heuristic stuff. Basically, we detect email viruses by checking if the email (or attachment) is trying to do something malicious, like mail itself all over the place, or open files, etc. It's more complex than that, but you get the idea. We have an almost zero false positive ratio, and a 100% anti-virus guarantee, which so far (2 months) we've kept to for all customers. We also run through 4 commercial scanners, just to be sure.